On Thu, 03 Feb 2005 10:05:39 -0800 in [EMAIL PROTECTED] Kelson <[EMAIL PROTECTED]> wrote:
> Brian Morrison wrote: > > Well two things come to mind. It isn't ClamAV's job to block spam, > > only viruses and immediately identifiable deceptions like phishing > > attacks. > > ...like a trojan spread by email that, after installing itself, serves > as a spam proxy? Seems like any other sort of trojan to me, I can't see why the signature would be different because the zombie is using the ISP's smarthost for outgoing mail. Of course ClamAV will be able to detect such a thing... > > > Secondly, the only clue about the path taken is in the mail headers, > > ClamAV is really a body scanning tool so again it isn't designed to > > identify the attack approach you mention. > > The question didn't seem to be about blocking spam sent using this > approach, it seemed to be about blocking distribution of the trojan > that would enable it. > > In other words... "Does anyone know which trojan/virus/etc. does this, > and does ClamAV detect it?" > Well once such a Trojan appears and is reported to the ClamAV team it's signature will be added if it proves to be new, and ClamAV will detect it if the payload is already recognised. It seems to me that this is almost a non-story, after all some ISPs are now blocking all mail from some other continents/countries, so all mail is blocked. That in some ways is far more concerning than a slight change of tactics by the spam/trojan creators. -- Brian Morrison bdm at fenrir dot org dot uk GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
